The Boring AppSec Podcast

The Future of Identity in AI Agents with Ian Livingstone

Jan 28, 2026
Guest
Ian Livingstone
Ian Livingstone, CEO and co-founder of Keycard and serial builder focused on developer experience, explores agent identity in the AI era. He discusses non-deterministic AI behavior and why current service accounts fail. Conversation covers fine‑grained, federated permissions, the risks of agents accessing the public web, and how liability, insurance, and engineering practices must evolve.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
INSIGHT

Agents Are Non-Deterministic Decision Makers

  • Agents are non-deterministic probability engines, not new human users, which breaks attribution to a single human actor.
  • That non-determinism raises blast radius and forces a shift to least-privilege, dynamic permissioning.
INSIGHT

Current Machine Identity Is Fragmented

  • Existing service-account and OAuth islands don't connect machine identity to user identity across apps.
  • Agents need interoperable, federated identity and dynamic delegation to unlock cross-service value.
ADVICE

Enforce Dynamic, Scoped Permissions

  • Build hyper-granular, dynamic policies and enforce runtime-scoped tokens rather than broad read/write scopes.
  • Combine deterministic rule engines with LLMs to generate and validate adaptive policies.
Get the Snipd Podcast app to discover more snips from this episode
Get the app